About The Position

We are currently seeking a Senior Manager, Cyber Risk, Audit, Compliance & Data Privacy to join our Information Technology (IT) team in Toronto, Canada, supporting all global Vale Base Metals operations. This is a high‑impact leadership role responsible for governing and maturing the organization’s global cybersecurity risk and compliance posture across enterprise IT, cloud, and industrial OT environments.

This role is the governance anchor of the cybersecurity program. It ensures Vale Base Metals can demonstrate due care and due diligence through defensible risk frameworks, regulatory alignment, control assurance, and board‑level reporting. You will own the cybersecurity risk management framework end‑to‑end—spanning threat inventory, risk identification, formal risk acceptance, and treatment tracking.

This opportunity is ideal for a cybersecurity governance leader capable of influencing executives, partnering across global OT and IT teams, and shaping an enterprise control environment that is defensible, measurable, and aligned with global regulatory expectations.

You will lead the global data privacy program and the enterprise cybersecurity training and awareness strategy, ensuring human risk factors are measured, reduced, and transparently reported. In heavily regulated industrial sectors, this function is what keeps the organization on the right side of legal and compliance obligations while equipping the CISO and executive leadership with quantified risk intelligence for strategic and financial decision‑making.

You bring deep experience in cybersecurity governance, risk, audit, compliance, and data privacy within industrial, safety‑critical, or highly regulated sectors. You understand how to translate complex technical risk signals into clear business, financial, and operational impact narratives for senior leadership and the Board. You have a strong ethical foundation and are comfortable guiding decisions tied to risk tolerance, regulatory exposure, and enterprise resilience. You are a structured thinker, a strong communicator, and a collaborative leader able to influence across cultures and functions.

Requirements

  • Undergraduate degree
  • CISSP (mandatory)
  • 11–15 years of experience in cybersecurity risk, governance, audit, compliance, or data privacy.
  • Deep working knowledge of leading cybersecurity frameworks including ISO 27001/27005, NIST CSF, and CIS Controls, applied in both IT and industrial OT contexts.
  • Strong internal control design, testing, validation, and assurance experience across technical and operational environments.
  • Ability to develop executive‑ready materials that convey complex cyber‑risk issues in understandable business, regulatory, financial, and operational terms.
  • Demonstrated experience working within highly regulated, safety‑critical industrial sectors requiring strict adherence to compliance and risk‑management principles.
  • Strong ethical judgment, governance leadership, and the ability to influence enterprise‑level decisions involving risk tolerance and regulatory exposure.

Nice To Haves

  • Advanced training in risk quantification, privacy, or governance frameworks
  • Additional relevant certifications - CISA, CIPP / CIPP‑E / CIPP‑C (Data Privacy), ISO 27001 Lead Implementer or Lead Auditor, CISM or CRISC, FAIR‑CCRL (Cyber Risk Quantification)

Responsibilities

  • End‑to‑end ownership of enterprise cybersecurity risk management frameworks, including threat inventory, risk identification, risk scoring, formal risk acceptance, and treatment tracking.
  • Leading internal and external cybersecurity audits, regulatory engagements, and control assurance programs, ensuring defensible evidence and timely remediation.
  • Establishing governance over cybersecurity policies, standards, procedures, and measurable control‑based risk‑reduction mechanisms across IT, cloud, and OT environments.
  • Providing data privacy program leadership across multi-jurisdictional regions, ensuring compliance with global privacy regulations and defensible governance practices.
  • Preparing and delivering executive‑level and board‑level cybersecurity risk reporting, translating technical risks into clear financial, operational, and strategic impact narratives.
  • Managing third‑party and supply‑chain cybersecurity risk assessments, ensuring alignment with contractual, regulatory, and enterprise control expectations.
  • Designing and maintaining cybersecurity maturity models, dashboards, metrics, and continuous‑monitoring capabilities for oversight and decision‑making.
  • Leading cybersecurity awareness, culture, and human‑risk reduction programs, including measurement of behavioural risk indicators.
  • Managing and developing cybersecurity governance teams operating in global, technically complex, highly regulated industrial environments.

Benefits

  • Competitive compensation including a variable annual incentive plan
  • Participation in a competitive Defined Contribution Pension package
  • Comprehensive benefits package (company paid core coverage, health and dental coverage, flex accounts, disability plans, and optional insurances)
  • Leave for all of life’s reasons (vacation, personal, sick, parental)
  • Work culture dedicated to safety, diversity & inclusion, and career growth
  • Employee Family Assistance Program
  • Virtual Healthcare online
  • Online training and career development opportunities